This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:OWASP Proactive Controls

From OWASP
Revision as of 16:18, 18 July 2014 by Thomas Herzog (talk | contribs) (Proposal for a regular expression for passwords)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Hi Jim,

When looking at your your project page, maybe I have something, that you might be interested in.

A while ago, Torsten figured out how to write the password policy of Windows (3 out of 4) as an regular expression:

^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))(?!.*(.)\1{2,})[A-Za-z0-9!~<>,;:_=?*+#."&§%°()\|\[\]\-\$\^\@\/]{8,32}$

A short explanation:

password length 8 -32 Character set: -Za-z0-9!/~<>,;:_=?*+-#."&§$%^°()[]|@ at least 3 out 4 (uppercase and lowercase letters, numbers and special characters) no more than 2 equal characters in a row (that's not Windows)

More on your document maybe later.

Best Regards, Thomas

Retrieved from "https://wiki.owasp.org/index.php?title=Talk:OWASP_Proactive_Controls&oldid=178980"